Visually sealed and digitally signed electronic documents : building on Asian tradition

E-commerce has developed through the use of digital signatures, employing various forms of Public Key Infrastructure (PKI) to ensure the secure usage of digital signatures. Digital signatures are designed to facilitate the functions of traditional seals and handwritten signatures for the purposes of authentication, data integrity, and non-repudiation within the e-commerce environment. Historically, the authenticity of documentation has always been verified by the application of a recognisable visual stimulus to the document; however, the current digital signature regime overlooks the importance of this analogous sense of visualisation. One of the primary problems with existing digital signatures is that a digital signature does not "feel" like, or resemble, a traditional seal to the human observer, as it does not have a personal, recognisable, or aesthetic sense of visualisation. Currently, digital signatures, such as the OpenPGP (Pretty Good Privacy) digital signature, are attached to the end of an electronic document as a stream of printable ASCII characters. (RFC2440) This appears to the average user as a long, incomprehensible string of random characters offering no sense of identity or ownership by simple visual inspection. Additionally, digital signatures change each time they are applied, in contrast to traditional seals that remain consistent personal identifiers associated with individual signatories. The goal of this research is to promote enhancements to existing digital signature schemes in order to bridge the cultural gap between traditional seals and digital signatures. Culturally friendly features integrated into the digital signature have the potential to increase user acceptability of global e-commerce. This research investigates traditional seal cultures within the context of modern digital signatures, identifying the need to develop a new, culturally friendly, visualised digital signature scheme. The principles behind digital signatures are reviewed and the essential roles and responsibilities of a PKI are addressed. A practical analysis of PKI implementation is also essential. Taiwan is selected as the focus of this research since its heritage is deeply rooted in, and strongly adheres to the Chinese seal culture. The Taiwanese government is in the process of adapting the traditional seal certificate system to the electronic digital signature system. Therefore it is pertinent to review the PKI implementation and digital signatures applications in Taiwan in this study. The purpose of this research is to make the intangible digital signature virtually tangible; i.e., to incorporate visualisation into the current digital signature practice. This research defines new private extensions to the X.509 v3 certificate, recommending that conforming visualised digital signature applications should then be developed to generate and/or recognise visual digital certificates in support of the proposed visualised digital signature scheme. The processes of visualised digital signature creation and of verification through the application of the visualised digital certificate are then explained. This is accompanied by a model of system analysis for developers of conforming implementations of this specification. This allows developers the freedom to select appropriate developing tools. An analysis of this research evaluates the quality of integrity, security, interoperability, performance, and flexibility offered by this proposal.Future directions for furthering research development conclude this dissertation.